Javascript in HTML or Link field?

[bstonehill]

I have a popup window I want to launch from the detail view of a record. I've tried using javascript window.open() in an html field but it keeps stripping it out. I can open a simulated popup window by just using a hyperlink with target="_new" and then resizing the window in the body onLoad(), but I still get all the toolbars and scrollbars and everything else and this only works in IE. Firefox opens it in a new tab and then resizes the whole thing.

Thanks in advance

[bstonehill]

Okay, I've figured out that javascript is filtered out by the securexss() function in utils.php. Before I modify this function to not filter out javascript, is there a way to exclude just this particular field or to hardcode it's value so it's not run through securexss()?

Before I get blasted, I'm aware of the security risks but it's strictly accessible only on the LAN by about 20 users that I manage (none of which could even tell me what javascript is), and there will be no user editable html fields. I just need to be able to launch a popup from detail view.

[julian]

Hey bstonehill,

I'm moving this to the Developers forum, where you should get some more targeted answers.

What are you editing to add the JavaScript? Are you using Studio or modifying the code/templates yourself? I know you can do this without changing securexss(), I just need more info.

[bstonehill]

Nevermind, got a workaround I think

[Danielg42]

You can always input the code directly to the field's row in the "fields_meta_data" table of the database.